Sister CISA CISSP

If you want to experience pain in the corporate wallet, I invite you to go to the Data Loss Cost Calculator. Plug in some numbers and look at the costs in the different regulatory penalties, attorney fees, investigation costs, etc. I recently completed a SMALL forensics exam that cost the client in the six figures without crisis management/client notifications.

A survey conducted by the Ponemon Institute (you need to give up info to access the study, unfortunately) found that 58% of respondents who had received notification that their personal information had been compromised by a data breach had lost confidence in the company and that 31% planned to cease doing business with the company. The cost of a data breach is estimated at $197.00 per record.

The actual cost to the consumer (you and me) is usually estimated based on identity theft statistics. Not every data breach results in identity theft, but the potential for identity theft automatically exists for every data breach. This is what business is forced to address, and rightly so. We have to endure the inconvenience of changed credit card numbers and other minutiae after data breaches. The cost to consumers for identity theft is much larger.

Best-case estimates are that it takes between 25 and 40 hours of the consumer’s time (you and me) and a cost of $5720.00, according to PrivacyRights.org. But consider also that the consumer (you and me) may be dealing with the trail of the identity theft for up to 10 years or more. What fun. No wonder they’re suing.

Those of us working in small organizations often think we are somehow “immune” from data theft. It’s kind of like planning for your own funeral – no one wants to think about it. But when it happens, what’s your plan? Are bits and pieces inside your Disaster Recovery Plan and/or your Incident Response Plan? Has your company done an impact analysis?

Keep in mind that many smaller companies do not recover from data breaches; if you lost 31% of your business, would the company survive?

A business impact analysis of the cost of damage recovery should include the following:

About This Blog

Are IT Engineers and IT Auditors natural enemies? Having worked on both sides of the fence, I have a unique understanding of the common ground of these disciplines. It all comes down to competence. Can you say SAS 70, (ooops, SSAE16), PCI, SOX404, Digital Forensics, Pentesting ...Geek?